CVE-2019-10945
published 2019-04-10

Priority: P275 · Severity: critical · CVSS 3.0 base score: 9.8
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploit: available
EPSS: 38.02% (98.4th percentile)
An issue was discovered in Joomla! before 3.9.5. The Media Manager component does not properly sanitize the folder parameter, allowing attackers to act outside the media manager root directory.

Affected (1 range)

Vendor: joomla · Product: joomla_! · Version range: 1.5.0 – 3.9.4 · Fixed in: (not listed)

Detection & IOCs (extracted from sources)

URL: ?option=com_media&view=mediaList&tmpl=component&folder=/..
Path: /administrator
  • Detect directory traversal attempts against Joomla Media Manager by monitoring HTTP requests to com_media containing 'folder=/..' or 'folder=../' patterns in the query string.
  • Monitor for authenticated requests to the Joomla administrator panel targeting 'file.delete' or 'folder.delete' actions combined with traversal sequences in the 'folder' parameter, indicating arbitrary file deletion attempts.
  • Alert on requests to Joomla's com_media component where the 'folder' parameter value begins with '/..' or contains path traversal sequences, as this is the unsanitized parameter exploited by CVE-2019-10945.
  • Temporary cookie files with the pattern '<md5hash>.Jcookie' in the system temp directory may indicate use of this exploit tool on an attacker-controlled machine.
  • Exploitation requires valid authenticated credentials to the Joomla administrator panel; unauthenticated exploitation is not possible.
  • The vulnerability affects Joomla versions 1.5.0 through 3.9.4; version 3.9.5 and later are patched.
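As an added example (not from this page, Joomla or any referenced detection rule), the following Python implements the first three detection bullets above over a few constructed access-log lines: it flags com_media requests whose folder parameter carries a traversal sequence, and raises the severity when the request also targets a file.delete or folder.delete task. The log lines, regexes and function names are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample access-log lines (combined log format); not real traffic.
SAMPLE_LOG = """\
10.0.0.5 - - [10/Apr/2019:10:00:01 +0000] "GET /administrator/index.php?option=com_media&view=mediaList&tmpl=component&folder=/../../ HTTP/1.1" 200 512
10.0.0.5 - - [10/Apr/2019:10:00:02 +0000] "GET /administrator/index.php?option=com_media&task=folder.delete&tmpl=component&folder=..%2F..%2Ftmp HTTP/1.1" 200 88
10.0.0.9 - - [10/Apr/2019:10:00:03 +0000] "GET /administrator/index.php?option=com_media&view=mediaList&folder=images/banners HTTP/1.1" 200 4096
10.0.0.9 - - [10/Apr/2019:10:00:04 +0000] "GET /index.php?option=com_content&view=article&id=1 HTTP/1.1" 200 9000
"""

REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/')
# Leading "/.." or "..", or "../" / "..\" anywhere in the decoded folder value.
TRAVERSAL_RE = re.compile(r'(^/?\.\.(/|$))|(\.\./)|(\.\.\\)')
DELETE_TASKS = {"file.delete", "folder.delete"}


def analyse_request(target):
    """Return a list of findings for one request target; empty when clean."""
    parts = urlsplit(target)
    params = parse_qs(parts.query, keep_blank_values=True)
    if params.get("option", [""])[0] != "com_media":
        return []
    findings = []
    for raw in params.get("folder", []):
        # parse_qs already decoded once; decode again to catch double encoding.
        folder = unquote(raw)
        if TRAVERSAL_RE.search(folder):
            findings.append(f"traversal in folder={folder!r}")
            task = params.get("task", [""])[0]
            if task in DELETE_TASKS:
                findings.append(f"{task} with traversal: possible arbitrary file deletion")
    return findings


def scan_log(text):
    """Return [(line_number, findings)] for every log line that triggers."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = REQUEST_RE.search(line)
        if m:
            findings = analyse_request(m.group("target"))
            if findings:
                hits.append((lineno, findings))
    return hits


if __name__ == "__main__":
    for lineno, findings in scan_log(SAMPLE_LOG):
        print(f"line {lineno}: " + "; ".join(findings))
```

Only lines 1 and 2 of the sample trigger; the delete-task hit on line 2 is the case the second bullet describes, and a normal media listing (line 3) or a non-com_media request (line 4) stays silent.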

CVSS provenance

NVD, CVSS v3.0: 9.8 CRITICAL, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
NVD, CVSS v2.0: 7.5 HIGH, AV:N/AC:L/Au:N/C:P/I:P/A:P